Claude Code covertly flagged China-linked proxy users, backlash grows

Since version 2.1.91 (released April 2, 2026), Claude Code has contained code that, whenever a user connects through a proxy, secretly checks whether the system timezone is set to Shanghai or Urumqi and whether the proxy's domain matches a list of Chinese domains or known Chinese AI labs. Based on those checks, the app covertly alters the date formatting inside the sent with each request — a technique that leaves an invisible marker without the user's knowledge. The code was deliberately obfuscated inside the Claude Code binary, making it hard to spot.

It came to light when a developer who runs Claude Code through a personal proxy (to mix GPT and s and fine-tune ) was version 2.1.196 to undo a change that disabled whenever proxying was enabled, and stumbled onto the hidden check. The discovery triggered a heated discussion on Hacker News, and reports say Alibaba is considering banning Claude Code internally over the alleged backdoor risk.

Key points

  • Since Claude Code 2.1.91 (2026-04-02), proxy connections trigger a check of system timezone and proxy domain to flag China-linked usage
  • The result covertly alters the date format in the — a marker — and the code was obfuscated inside the binary
  • It was found by accident while a developer a 2.1.196 change that disabled during proxy use
  • Alibaba is reportedly considering banning Claude Code internally over the alleged backdoor risk

Sources covering this story (31)

Read original